CVE-2026-46861
Awaiting Analysis Awaiting Analysis - Queue
MySQL NDB Cluster Unauthorized Data Access Vulnerability

Publication date: 2026-06-17

Last updated on: 2026-06-17

Assigner: Oracle

Description
Vulnerability in the MySQL NDB Cluster product of Oracle MySQL (component: Cluster: NDB Operator). Supported versions that are affected are 8.0.11-8.0.46, 8.4.0-8.4.9 and 9.0.0-9.7.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise MySQL NDB Cluster. While the vulnerability is in MySQL NDB Cluster, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all MySQL NDB Cluster accessible data as well as unauthorized access to critical data or complete access to all MySQL NDB Cluster accessible data. CVSS 3.1 Base Score 9.6 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N).
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-06-17
Last Modified
2026-06-17
Generated
2026-06-17
AI Q&A
2026-06-17
EPSS Evaluated
N/A
NVD
CVE-2026-46861
EUVD
EUVD-2026-37354
Affected Vendors & Products
Showing 3 associated CPEs
Vendor Product Version / Range
oracle mysql_ndb_cluster From 8.0.11 (inc) to 8.0.46 (inc)
oracle mysql_ndb_cluster From 8.4.0 (inc) to 8.4.9 (inc)
oracle mysql_ndb_cluster From 9.0.0 (inc) to 9.7.0 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability exists in the MySQL NDB Cluster product of Oracle MySQL, specifically in the Cluster: NDB Operator component. It affects supported versions 8.0.11-8.0.46, 8.4.0-8.4.9, and 9.0.0-9.7.0. The vulnerability is easily exploitable by a low privileged attacker who has network access via HTTP.

Successful exploitation can lead to unauthorized creation, deletion, or modification of critical data, or unauthorized access to all data accessible by the MySQL NDB Cluster. The vulnerability has a high severity with a CVSS 3.1 base score of 9.6, indicating significant confidentiality and integrity impacts.

Impact Analysis

If exploited, this vulnerability can allow an attacker with low privileges and network access to compromise the MySQL NDB Cluster, resulting in unauthorized creation, deletion, or modification of critical data.

This means that sensitive or important data could be altered or deleted without authorization, potentially disrupting business operations or causing data loss.

Additionally, the attacker could gain unauthorized access to all data accessible by the MySQL NDB Cluster, leading to potential data breaches and exposure of confidential information.

Compliance Impact

This vulnerability allows unauthorized creation, deletion, or modification of critical data, as well as unauthorized access to all MySQL NDB Cluster accessible data. Such unauthorized access and data manipulation can lead to violations of data protection regulations like GDPR and HIPAA, which require strict controls over data confidentiality and integrity.

Because the vulnerability impacts confidentiality and integrity of data with a high CVSS score (9.6), organizations using affected versions of MySQL NDB Cluster may face compliance risks if this vulnerability is exploited, potentially resulting in breaches of regulatory requirements for protecting sensitive personal or health information.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-46861. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart